Last updated: April 2026

1. Who we are and how to contact us

We are Mycareadmin Limited trading as Qwikify, a company incorporated and registered in England and Wales with company number 09394841, whose registered office is at 140 High Street, Iver, Buckinghamshire, England, SL0 9QA. In this Privacy Policy we refer to ourselves as Qwikify, we, us or our.

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us:

•         By email: compliance@qwikify.com

•         By telephone: 0800 6893596

•         By post: Data Protection Officer, Mycareadmin Limited t/a Qwikify, 140 High Street, Iver, Buckinghamshire, SL0 9QA

2. Scope of this Privacy Policy

This Privacy Policy explains how Qwikify processes personal data for which it acts as a data controller. It applies to:

•         visitors to our corporate website at https://www.qwikify.com (the Website);

•         individuals who register an account on or use the Qwikify platform, including the web application and mobile app (together, the Platform); and

•         individuals at organisations that are customers of, or that enquire about, Qwikify’s services, including billing contacts, account holders and other business contacts.

Important — Care records and patient data:  This Privacy Policy does not cover personal data relating to service users, residents, patients or their family members that is processed by Qwikify on behalf of care provider organisations using the Platform. In that context, Qwikify acts as a data processor on the instructions of the care provider, which is the data controller. That processing is governed by the Qwikify Platform Terms and Conditions and the applicable Contract Documentation, not this Privacy Policy..

This Privacy Policy also tells you about your rights under the UK Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). Unless we notify you otherwise, Qwikify is the controller of your personal data for the purposes described in this Policy.

3. The personal data we collect about you

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymised data). We collect and process the following categories of personal data:

3.1 Identity and contact data

•         First name and last name

•         Job title and organisation name

•         Business email address and telephone number

•         Billing and correspondence address

•         Username and account credentials

3.2 Financial and transaction data

•         Billing details and payment card information (processed directly by Stripe — we do not store full card details)

•         Transaction history and invoice records

3.3 Technical and usage data

•         IP address, browser type and version, time zone and location

•         Device and operating system information

•         Login data, access logs and session information

•         Usage data — how you interact with the Website and Platform, features accessed, actions taken

•         Application error and performance data (processed via Sentry for diagnostic purposes)

3.4 Verification and eligibility data

•         Organisation registration information (e.g. company number, CQC registration number)

•         Identity verification documents

•         Credit reference information (where we carry out credit reference checks)

•         Information obtained from third-party databases used for eligibility verification

3.5 Communications and support data

•         Enquiries, support tickets and correspondence with our team

•         Feedback and survey responses

•         Records of telephone calls or video meetings with our team

3.6 Marketing and preferences data

•         Your preferences for receiving marketing communications from us

•         Records of whether you have opted in or out of marketing

3.7 Special category data

The Platform is designed for use by care providers to manage care records. In the normal course of providing the Platform, Qwikify does not process special category personal data about Platform users or business contacts as controller. If you contact us and voluntarily disclose special category data about yourself (for example, in a support request), we will handle it with the additional care required by law.

4. How we collect your personal data

4.1 Directly from you

We collect personal data you give us directly, including when you:

•         visit or interact with our Website;

•         register an account on the Platform;

•         purchase a subscription or other services;

•         correspond with us by email, telephone or through the Platform;

•         complete forms or surveys;

•         contact our customer support team; or

•         attend events or webinars we host.

4.2 Automatically

When you use our Website or Platform, we automatically collect Technical and Usage Data through cookies, server logs and similar technologies. Please see Section 9 (Cookies) for further details.

4.3 From third parties

We may receive personal data about you from third parties, including:

•         identity and credit reference agencies, where we carry out verification or credit checks;

•         Companies House and other public registers, for business verification purposes;

•         CQC and equivalent regulatory bodies, to verify care provider registration; and

•         NHS Digital and other public health bodies, in connection with GP Connect eligibility verification.

5. How we use your personal data

The law requires us to have a lawful basis for collecting and using your personal data. We rely on one or more of the following bases:

•         Performance of a contract — where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.

•         Legitimate interests — where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights.

•         Legal obligation — where processing is necessary to comply with a legal obligation.

•         Consent — where you have given us your active agreement to process your data for a specific purpose. You may withdraw consent at any time.

The table below sets out how we use your personal data and the lawful basis for each activity:

6. Artificial intelligence and automated processing

6.1 AI used within the Qwikify Platform

Qwikify uses Amazon Bedrock (AWS), to power AI features within the Qwikify Platform. In this context Qwikify acts as a data processor on behalf of its care provider clients, processing data in accordance with their instructions. This processing is not governed by this Privacy Policy — it is governed by the Qwikify Platform Terms and Conditions and the applicable Contract Documentation, which set out the rules and commitments that apply, including in relation to data location, AI training and personal data handling.

6.2 AI used for Qwikify business functions

Qwikify uses AI tools to support its internal business functions, including customer support, business analytics and operational processes. The AI tools we currently use for these purposes include features within Zendesk and other AI-powered productivity and business tools. These tools process personal data about our customers, contacts and staff in our capacity as data controller, in accordance with this Privacy Policy.

We do not use personal data processed through our business AI tools to train AI models. We may use aggregated or anonymised data derived from business analytics for the purpose of improving our operations and services.

7. Disclosure of your personal data

We may share your personal data with the following categories of recipient:

7.1 Our service providers and sub-processors

We share personal data with third-party providers who process data on our behalf to help us run our business and deliver our services. These providers are listed in Section 8. We require all providers to process personal data securely and in accordance with our instructions and applicable data protection law.

7.2 Regulators and public authorities

We may disclose personal data to regulators, law enforcement bodies or other public authorities where we are required to do so by law, or where we reasonably believe disclosure is necessary to protect our legal rights or the safety of others.

7.3 Business transfers

If Qwikify is involved in a merger, acquisition, restructuring or sale of assets, personal data may be transferred to the relevant third party as part of that transaction. We will notify you of any such transfer and any choices you may have.

7.4 Professional advisers

We may share personal data with our legal advisers, accountants, insurers and other professional advisers where necessary for the conduct of our business.

7.5 With your consent

We may share your personal data with other third parties where you have given us your consent to do so.

8. Our third-party service providers

The following third-party providers process personal data on our behalf in connection with the Website, Platform and our business operations. Each provider processes data in accordance with their own privacy policies, linked below.

8.1 Infrastructure and hosting

Amazon Web Services (AWS)

Cloud hosting, infrastructure and data storage for the Qwikify Platform. AWS hosts the Platform and stores data processed in connection with our services within the UK/EU region.

Privacy policy: https://aws.amazon.com/privacy/

8.2 Authentication

Amazon Cognito (AWS)

User authentication, login and identity management for the Qwikify Platform.

Privacy policy: https://aws.amazon.com/privacy/

8.3 AI infrastructure

Amazon Bedrock (AWS) — including Anthropic Claude models

AI model infrastructure used to power AI features within the Qwikify Platform. AI processing is carried out within the UK/EU region for personal data. Non-personal data may be processed outside the UK/EU in accordance with our Terms and Conditions.

Privacy policy: https://aws.amazon.com/privacy/

8.4 Email delivery

Amazon SES (AWS Simple Email Service)

Transactional and system email delivery, including account notifications, verification emails and subscription communications.

Privacy policy: https://aws.amazon.com/privacy/

8.5 Payment processing

Stripe

Payment processing for self-service subscriptions and other purchases. We do not store or collect full payment card details. That information is provided directly to Stripe and governed by their privacy policy. Stripe adheres to PCI-DSS standards.

Privacy policy: https://stripe.com/gb/privacy

8.6 Customer relationship management

HubSpot

Customer relationship management (CRM) platform used to manage communications, sales activity and account information relating to our customers and prospective customers.

Privacy policy: https://legal.hubspot.com/privacy-policy

8.7 Customer support

Zendesk

Customer support platform used to manage support tickets and communications. We instruct users not to include personal data or care record information in support tickets. Support interactions may include identity and contact data.

Privacy policy: https://www.zendesk.com/company/agreements-and-terms/privacy-notice/

8.8 Application monitoring

Sentry

Application error monitoring and performance tracking. Sentry processes technical data and user identifiers in connection with error logging and diagnostics. Sentry is configured to exclude care record data from error logs.

Privacy policy: https://sentry.io/privacy/

8.9 Analytics

Google Analytics

Web analytics for our corporate website, tracking usage patterns and visitor behaviour to help us improve the Website. You can opt out via the Google Analytics opt-out browser add-on.

Privacy policy: https://policies.google.com/privacy

8.10 Email marketing

We use [Amazon SES / confirm email marketing platform] to manage and send marketing emails. You may opt out of marketing emails at any time by clicking the unsubscribe link in any email or by contacting us.

9. Cookies and tracking technologies

Our Website uses cookies and similar tracking technologies to distinguish you from other users and to improve your experience. By continuing to use our Website, you consent to our use of cookies in accordance with this section.

9.1 What are cookies?

A cookie is a small file of letters and numbers stored on your browser or device when you visit a website. Cookies allow us to recognise you on subsequent visits and to improve your experience.

9.2 Types of cookies we use

Strictly necessary cookies

These cookies are essential for you to use our Website and its features. They authenticate users and prevent fraudulent use of accounts. These cookies cannot be disabled.

Functionality cookies

These cookies allow us to remember your choices (such as login details and preferences) to provide a more personalised experience.

Analytics and performance cookies

These cookies collect information about how you use our Website, such as which pages you visit. We use Google Analytics for this purpose. You can opt out by installing the Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout

Marketing and remarketing cookies

We use Google Ads to show relevant advertisements to users who have previously visited our Website. You can opt out of interest-based advertising at:

•         NAI opt-out platform: http://www.networkadvertising.org/choices/

•         EDAA opt-out platform: http://www.youronlinechoices.com/

•         DAA opt-out platform: http://optout.aboutads.info/

9.3 Cookies on the Platform

The Platform (web application and mobile app) uses strictly necessary cookies and session management technologies to authenticate users and maintain secure sessions. We do not use marketing or remarketing cookies within the Platform.

9.4 Managing cookies

You can control and delete cookies through your browser settings. Please note that disabling cookies may affect the functionality of our Website or Platform. For more information about managing cookies, visit www.aboutcookies.org.

10. International transfers of personal data

Most personal data we process is stored and processed within the United Kingdom or the European Economic Area (EEA). Some of our service providers (listed in Section 8) may process personal data outside the UK or EEA. Where this occurs, we ensure that appropriate safeguards are in place to provide personal data with the same level of protection as it has in the UK, including:

•         transfers to countries that the UK Government has determined offer an adequate level of data protection; or

•         use of the UK International Data Transfer Agreement (IDTA) or equivalent contractual safeguards approved for use in the UK.

AI processing via Amazon Bedrock for non-personal data may take place outside the UK/EU in accordance with our Platform Terms and Conditions. Personal data processed in connection with our services is not transferred outside the UK/EU for AI processing purposes.

11. Data security

We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised way, altered or disclosed. These include:

•         encryption of data in transit and at rest;

•         access controls limiting access to personal data to authorised personnel only;

•         regular security assessments and penetration testing;

•         staff training on data protection and security; and

•         procedures for detecting, reporting and investigating personal data breaches.

We will notify you and any applicable regulator of a personal data breach where we are legally required to do so.

12. How long we keep your personal data

We retain personal data only for as long as is reasonably necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, tax, accounting or reporting requirements. When determining the appropriate retention period, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, and whether those purposes can be achieved through other means.

As a general guide, we retain the following categories of data for the following periods:

We may retain personal data for longer where there is a complaint or where we reasonably believe litigation is likely. We may anonymise personal data so that it can no longer be associated with you, in which case it may be used for research or statistical purposes without further notice.

13. Your data protection rights

Under UK data protection law, you have the following rights. Not all rights are absolute and some are subject to conditions. We will respond to all legitimate requests within one month, or within three months for particularly complex requests (in which case we will notify you of the extension).

Right of access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR).

Right to rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to erasure

You have the right to request that we delete your personal data in certain circumstances, for example where the data is no longer necessary for the purpose for which it was collected. This right does not apply where we are required by law to retain the data.

Right to restrict processing

You have the right to ask us to restrict the processing of your personal data in certain circumstances, for example while we verify the accuracy of the data or consider your objection.

Right to object

You have the right to object to processing based on our legitimate interests. We will cease processing unless we have compelling legitimate grounds that override your interests or we need to process the data for legal claims.

Right to data portability

Where we process your personal data by automated means on the basis of your consent or a contract, you have the right to receive that data in a structured, commonly used and machine-readable format.

Right to withdraw consent

Where we rely on consent as the lawful basis for processing, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Right not to be subject to automated decision-making

We do not make solely automated decisions about you that produce legal or similarly significant effects.

To exercise any of your rights, please contact us using the details in Section 1. You will not normally be charged a fee, but we may charge a reasonable fee or decline requests that are clearly unfounded, repetitive or excessive. We may need to verify your identity before processing a request.

14. Complaints

We take data protection seriously and would appreciate the opportunity to address any concerns directly. Please contact us in the first instance using the details in Section 1.

If you remain unsatisfied, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:

•         Website: www.ico.org.uk

•         Helpline: 0303 123 1113

•         Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

15. Links to third-party websites

Our Website and Platform may contain links to third-party websites. Clicking those links or enabling those connections may allow third parties to collect or share data about you. We do not control third-party websites and are not responsible for their privacy policies. We encourage you to read the privacy policy of every website you visit.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on our Website and, where appropriate, by email or in-Platform notification, before the changes take effect. The “Last updated” date at the top of this policy will always reflect the most recent version.

We recommend that you review this Privacy Policy periodically. Continued use of our Website or Platform after an update constitutes acceptance of the revised policy.